Chapter Description

In this sample chapter from CCNA Cyber Ops SECOPS 210-255 Official Cert Guide, readers learn how to configure basic NetFlow on a Cisco device. The chapter also covers the industry standard IPFIX and how NetFlow is used for cybersecurity and incident response.

This chapter starts with an introduction to NetFlow and then covers the different NetFlow versions in detail. You will learn how to configure basic NetFlow on a Cisco device, learn about the industry standard IPFIX, and see how NetFlow is used for cybersecurity and incident response. The chapter also covers examples of commercial and open source NetFlow analysis tools.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz helps you identify your strengths and deficiencies in this chapter’s topics. The 10-question quiz, derived from the major sections in the “Foundation Topics” portion of the chapter, helps you determine how to spend your limited study time. Table 4-1 outlines the major topics discussed in this chapter and the “Do I Know This Already?” quiz questions that correspond to those topics.

1. Flexible NetFlow, Cisco’s next-generation NetFlow, can track a wide range of Layer 2, IPv4, and IPv6 flow information. Which of the following are examples of that information? (Choose four.)

   a. Source and destination IPv4 or IPv6 addresses
   b. Source and destination ports
   c. Packet and byte counts
   d. Flow timestamps
   e. Usernames
   f. Application ID

2. NetFlow supports different types of cache. Which of the following are the NetFlow cache types? (Choose three.)

   a. Normal
   b. Flexible
   c. Immediate
   d. Permanent

3. IPFIX is a flow standard based on what version of NetFlow?

   a. Version 1
   b. Version 5
   c. Version 7
   d. Version 9

4. What is one of the benefits of NetFlow templates?

   a. Templates make flow records more organized and better structured.
   b. Templates provide vendor-neutral support for companies that create applications with collector or analysis capabilities for NetFlow, so that they are not required to reinvent their product each time a new NetFlow feature is added.
   c. Templates provide a faster way of processing NetFlow records.
   d. Templates can be used to detect zero-day attacks faster because they provide support for indicators of compromise.

5. What protocol is used by IPFIX for packet transport?

   a. SNMP
   b. HTTPS
   c. SCTP
   d. TLS

6. NetFlow is a great tool for anomaly and DDoS detection. Before implementing these detection capabilities, you should perform which of the following tasks?

   a. Enable NetFlow on more than two interfaces.
   b. Enable BGP for route redirection.
   c. Develop a traffic baseline.
   d. Enable anti-spoofing protection.

7. Many network telemetry sources can also be correlated with NetFlow when responding to security incidents and performing network forensics. Which of the following are examples of other telemetry sources that can be correlated with NetFlow? (Choose two.)

   a. Dynamic Host Configuration Protocol (DHCP) logs
   b. VPN logs
   c. Core dumps
   d. Process utilization and hardware inventory logs

8. Which of the following are examples of open source tools that can be used for NetFlow analysis? (Choose three.)

   a. SiLK
   b. Elasticsearch, Logstash, Kibana (ELK)
   c. Lancope
   d. Graylog

9. Which of the following are components of the Cisco Lancope StealthWatch solution?